import Foundation
let pattern = #"^.*?CEF:\d+\|(?<severity>.*?)\|(?<group>.*?)\|(?<process>\d+)\|-SiteId\s\((?<processid>\d+)\)\s(?<url>.*?)\s.[^\s]+\s(?<recipient>.*?)\|-RuleName\s(?<threatname>[^\|]+)\|-ActionTakenRequest(?<action>[^\|]+)\|EntryPage\s(?<subject>.*?)\s"#
let regex = try! NSRegularExpression(pattern: pattern, options: .anchorsMatchLines)
let testString = #"""
may. 30 07:04:32 host CEF:0|Security Events|ThreatAlert|869000350019695021|-SiteId (227349) bancaenlinea.bicsa.com -VisitCountry Germany|-RuleName Bad Bots|-ActionTakenRequest blocked |EntryPage bancaenlinea.bicsa.com/user/register//user/register/ -ClienteApp Chinese Vulnerability Scanner:1 -Ip 212.124.114.242-NumRequests 1 -AttemptedOn URL -AttackVectorInternalCode 200.0
may. 26 21:41:22 host CEF:0|Security Events|ThreatAlert|1000000270132476675|-SiteId (226911) www.bicsa.com -VisitCountry United States|-RuleName Bad Bots|-ActionTakenRequest blocked |EntryPage www.bicsa.com/robots.txt/robots.txt -ClienteApp LTX71:1 -Ip 35.226.23.240-NumRequests 1 -AttemptedOn URL -AttackVectorInternalCode 200.0
may. 27 17:13:21 host CEF:0|Security Events|ThreatAlert|432001330089612747|-SiteId (226911) www.bicsa.com -VisitCountry China|-RuleName Bad Bots|-ActionTakenRequest blocked |EntryPage www.bicsa.com/es/es -ClienteApp YisouSpider:1 -Ip 106.11.153.199-NumRequests 1 -AttemptedOn URL -AttackVectorInternalCode 200.0
may. 27 17:13:22 host CEF:0|Security Events|ThreatAlert|432001330089614196|-SiteId (226911) www.bicsa.com -VisitCountry China|-RuleName Bad Bots|-ActionTakenRequest blocked |EntryPage www.bicsa.com/robots.txt/robots.txt -ClienteApp YisouSpider:1 -Ip 106.11.155.219-NumRequests 2 -AttemptedOn URL -AttackVectorInternalCode 200.0
may. 27 17:13:22 host CEF:0|Security Events|ThreatAlert|432001330089614196|-SiteId (226911) www.bicsa.com -VisitCountry China -VisitCountry China|-RuleName Bad Bots|-ActionTakenRequest blocked |EntryPage www.bicsa.com/robots.txt/robots.txt -ClienteApp YisouSpider:1 -Ip 106.11.155.219-NumRequests 2/robots.txt -ClienteApp YisouSpider:1 -Ip 106.11.155.219-NumRequests 2 -AttemptedOn URL -AttackVectorInternalCode 200.0
may. 31 06:29:22 host CEF:0|Security Events|ThreatAlert|156000740014728873|-SiteId (226911) www.bicsa.com -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States -VisitCountry United States|-RuleName DDoS|-ActionTakenRequest suspended |EntryPage www.bicsa.com/www.bicsa.com/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1www.bicsa.com/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/robots.txt -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/pub/nuevo-formato-de-cheques/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/cuentas-corrientes/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/contacto/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/cobranzas/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/corporativa/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/finanzas-estructuradas/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/personal/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/ordenes-de-pago/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/ordenes-de-pago-2/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/certificado/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/e-banking/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/acerca-de-bicsa/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/infopersonal/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/bicsacapital/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/phishing/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/mapa-del-sitio/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/reportefraude/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/en/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/seguridad-y-privacidad/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1/servicios/ -ClienteApp Bot:1 -Ip 138.197.77.70-NumRequests 1
"""#
let stringRange = NSRange(location: 0, length: testString.utf16.count)
let matches = regex.matches(in: testString, range: stringRange)
var result: [[String]] = []
for match in matches {
var groups: [String] = []
for rangeIndex in 1 ..< match.numberOfRanges {
let nsRange = match.range(at: rangeIndex)
guard !NSEqualRanges(nsRange, NSMakeRange(NSNotFound, 0)) else { continue }
let string = (testString as NSString).substring(with: nsRange)
groups.append(string)
}
if !groups.isEmpty {
result.append(groups)
}
}
print(result)
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Swift 5.2, please visit: https://developer.apple.com/documentation/foundation/nsregularexpression